xAPI's Data Interoperability Research

This board is intended to generate and prioritize thoughts and ideas about what it means for xAPI to be interoperable. What else, beyond what's in the xAPI specification, would support interoperability?

It should be more obvious to both the learner and the administrator who can do what with the data and all LRS's should agree.

I *think* this belongs in interoperability but am not sure. Right now it's hard to tell who or what can see or use your data. What happens when it gets moved to another LRS? If I as a learner "own" my data but ship it to an LRS owned by some company for one purpose, what's to prevent them from selling it or using it for another purpose? 

  • Gravatar Guest
  • Aug 10 2016
  • New
  • Attach files
  • Art Werkenthin commented
    August 10, 2016 17:23

    There could be very serious implications, especially in Europe, if a person's data is sent to another location without that person's permission.

  • Russell Duhon commented
    August 12, 2016 17:43

    Permissions for possessing and transferring data are a combination of complicated laws, practices, and contracts. It isn't possible for all LRSs to agree because there isn't a ground truth -- there's no set of rules for what's right to do in any given situation. Like any system storing data, ultimately the rules for access and use of the data need to be handled by the organizations involved -- whoever's LRS it is, who their SaaS vendor is, etc.

     

    For example, relating to Art's comment, Saltbox frequently signs Wax LRS contracts with European customers containing the EU Model Clauses on privacy, that provide for details of how we protect their data in compliance with EU law, and how we'll respond if the data is requested by one of the people it is about. But that's relatively new -- until recently, the US-EU Safe Harbor provisions were our mechanism (until they were invalidated by EU courts), and they provided a slightly different set of rules for those situations.

     

    As you can see, there's no practical way to reach a universal agreement on how privacy is treated. If you use an LRS, ask about their privacy protections, and if you need more, push back when negotiating terms. It isn't an easy answer, but it's the only one that works in a complicated legal world.

     

    Okay, now that I've said that, what I think would be a better way to handle this would be for the L&D community to create a modernized description of professional ethics around the use of data, drawing on the ethical statements of other professional communities. Those ethical statements will set norms and suggest defaults, provide leverage in internal discussions, and act as a foundation for positions on law development. That's where this discussion should happen, either in ATD or the eLearning Guild (or both).

  • Gravatar
  • Gravatar
  • Gravatar